mirror of
https://github.com/slawkens/myaac.git
synced 2025-09-14 12:33:35 +02:00
Compare commits
19 Commits
v1.0-RC
...
feature/re
| Author | SHA1 | Date | |
|---|---|---|---|
|
67f54eacbc | ||
|
|
93641fc68a | ||
|
|
ea7e808508 | ||
|
|
da3fc1fc8c | ||
|
|
201f95caa8 | ||
|
|
779aa152fa | ||
|
|
d99b22f98b | ||
|
|
35e28350bd | ||
|
|
327dcb5f87 | ||
|
|
bc8ada6fe2 | ||
|
|
6183b7ee52 | ||
|
|
760c3ab017 | ||
|
|
ab73d60c61 | ||
|
|
8d8bdb6dac | ||
|
|
71c00aa5e0 | ||
|
|
1fcdd54c94 | ||
|
|
c2ec468246 | ||
|
|
cde8891b9b | ||
|
|
50a8b8169f |
@@ -8,6 +8,7 @@
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
|
||||
use MyAAC\Models\Account as AccountModel;
|
||||
use MyAAC\Models\Player;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
@@ -51,36 +52,51 @@ $acc_type = setting('core.account_types');
|
||||
|
||||
<?php
|
||||
$id = 0;
|
||||
$search_account = '';
|
||||
$search_account = $search_account_email = '';
|
||||
if (isset($_REQUEST['id']))
|
||||
$id = (int)$_REQUEST['id'];
|
||||
else if (isset($_REQUEST['search_email'])) {
|
||||
$search_account_email = $_REQUEST['search_email'];
|
||||
$accountModel = AccountModel::where('email', $search_account_email)->limit(11)->get(['email', 'id']);
|
||||
if (count($accountModel) == 0) {
|
||||
echo_error('No entries found.');
|
||||
} else if (count($accountModel) == 1) {
|
||||
$id = $accountModel->first()->getKey();
|
||||
} else if (count($accountModel) > 10) {
|
||||
echo_error('Specified e-mail resulted with too many accounts.');
|
||||
}
|
||||
}
|
||||
else if (isset($_REQUEST['search'])) {
|
||||
$search_account = $_REQUEST['search'];
|
||||
if (strlen($search_account) < 3 && !Validator::number($search_account)) {
|
||||
echo_error('Player name is too short.');
|
||||
$min_size = 3;
|
||||
if ($nameOrNumberColumn == 'number') {
|
||||
$min_size = 1;
|
||||
}
|
||||
|
||||
if (strlen($search_account) < $min_size && !Validator::number($search_account)) {
|
||||
echo_error('Account ' . $nameOrNumberColumn . ' is too short.');
|
||||
} else {
|
||||
$query = $db->query('SELECT `id` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` = ' . $db->quote($search_account));
|
||||
if ($query->rowCount() == 1) {
|
||||
$query = $query->fetch();
|
||||
$id = (int)$query['id'];
|
||||
$query = AccountModel::where($nameOrNumberColumn, '=', $search_account)->limit(11)->get(['id', $nameOrNumberColumn]);
|
||||
if (count($query) == 0) {
|
||||
echo_error('No entries found.');
|
||||
} else if (count($query) == 1) {
|
||||
$id = $query->first()->getKey();
|
||||
} else if (count($query) > 10) {
|
||||
echo_error('Specified name resulted with too many accounts.');
|
||||
} else {
|
||||
$query = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '` FROM `accounts` WHERE `' . $nameOrNumberColumn . '` LIKE ' . $db->quote('%' . $search_account . '%'));
|
||||
if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
|
||||
$str_construct = 'Do you mean?<ul class="mb-0">';
|
||||
foreach ($query as $row)
|
||||
$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row['id'] . '">' . $row[$nameOrNumberColumn] . '</a></li>';
|
||||
$str_construct .= '</ul>';
|
||||
echo_error($str_construct);
|
||||
} else if ($query->rowCount() > 10)
|
||||
echo_error('Specified name resulted with too many accounts.');
|
||||
else
|
||||
echo_error('No entries found.');
|
||||
$str_construct = 'Do you mean?<ul class="mb-0">';
|
||||
foreach ($query as $row) {
|
||||
$str_construct .= '<li><a href="' . $admin_base . '&id=' . $row->getKey() . '">' . $row->attributes[$nameOrNumberColumn] . '</a></li>';
|
||||
}
|
||||
$str_construct .= '</ul>';
|
||||
echo_error($str_construct);
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
<div class="row">
|
||||
<?php
|
||||
$groups = new OTS_Groups_List();
|
||||
if ($id > 0) {
|
||||
$account = new OTS_Account();
|
||||
$account->load($id);
|
||||
@@ -143,7 +159,9 @@ else if (isset($_REQUEST['search'])) {
|
||||
$rl_loca = $_POST['rl_loca'];
|
||||
|
||||
//country
|
||||
$rl_country = $_POST['rl_country'];
|
||||
if(setting('core.account_country')) {
|
||||
$rl_country = $_POST['rl_country'];
|
||||
}
|
||||
|
||||
$web_flags = $_POST['web_flags'];
|
||||
verify_number($web_flags, 'Web Flags', 1);
|
||||
@@ -190,7 +208,11 @@ else if (isset($_REQUEST['search'])) {
|
||||
}
|
||||
$account->setRLName($rl_name);
|
||||
$account->setLocation($rl_loca);
|
||||
$account->setCountry($rl_country);
|
||||
|
||||
if(setting('core.account_country')) {
|
||||
$account->setCountry($rl_country);
|
||||
}
|
||||
|
||||
$account->setCustomField('created', $created);
|
||||
$account->setWebFlags($web_flags);
|
||||
$account->setCustomField('web_lastlogin', $web_lastlogin);
|
||||
@@ -214,7 +236,7 @@ else if (isset($_REQUEST['search'])) {
|
||||
}
|
||||
}
|
||||
} else if ($id == 0) {
|
||||
$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ' FROM `accounts` ORDER BY `id` ASC');
|
||||
$accounts_db = $db->query('SELECT `id`, `' . $nameOrNumberColumn . '`' . ($hasTypeColumn ? ',type' : ($hasGroupColumn ? ',group_id' : '')) . ', email FROM `accounts` ORDER BY `id` ASC');
|
||||
?>
|
||||
<div class="col-12 col-sm-12 col-lg-10">
|
||||
<div class="card card-info card-outline">
|
||||
@@ -228,6 +250,7 @@ else if (isset($_REQUEST['search'])) {
|
||||
<th>ID</th>
|
||||
<th><?= ($nameOrNumberColumn == 'number' ? 'Number' : 'Name'); ?></th>
|
||||
<?php if($hasTypeColumn || $hasGroupColumn): ?>
|
||||
<th>E-Mail</th>
|
||||
<th>Position</th>
|
||||
<?php endif; ?>
|
||||
<th style="width: 40px">Edit</th>
|
||||
@@ -238,6 +261,7 @@ else if (isset($_REQUEST['search'])) {
|
||||
<tr>
|
||||
<th><?php echo $account_lst['id']; ?></th>
|
||||
<td><?php echo $account_lst[$nameOrNumberColumn]; ?></a></td>
|
||||
<td><?php echo $account_lst['email']; ?></td>
|
||||
<?php if($hasTypeColumn || $hasGroupColumn): ?>
|
||||
<td>
|
||||
<?php if ($hasTypeColumn) {
|
||||
@@ -585,6 +609,16 @@ else if (isset($_REQUEST['search'])) {
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="row">
|
||||
<div class="col-6 col-lg-12">
|
||||
<form action="<?php echo $admin_base; ?>" method="post">
|
||||
<?php csrf(); ?>
|
||||
<label for="search">Account E-Mail:</label>
|
||||
<div class="input-group input-group-sm">
|
||||
<input type="email" class="form-control" id="search_email" name="search_email" value="<?= escapeHtml($search_account_email); ?>" maxlength="255" size="255">
|
||||
<span class="input-group-append"><button type="submit" class="btn btn-info btn-flat">Search</button></span>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
<div class="col-6 col-lg-12">
|
||||
<form action="<?php echo $admin_base; ?>" method="post">
|
||||
<?php csrf(); ?>
|
||||
|
||||
@@ -7,6 +7,9 @@
|
||||
* @copyright 2019 MyAAC
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
|
||||
use MyAAC\Models\Account;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
$title = 'Mailer';
|
||||
|
||||
@@ -61,15 +64,15 @@ if (!empty($mail_content) && !empty($mail_subject) && empty($mail_to)) {
|
||||
$add = ' AND `email_verified` = 1';
|
||||
}
|
||||
|
||||
$query = $db->query('SELECT `email` FROM `accounts` WHERE `email` != ""' . $add);
|
||||
$query = Account::where('email', '!=', '')->get(['email']);
|
||||
foreach ($query as $email) {
|
||||
if (_mail($email['email'], $mail_subject, $mail_content)) {
|
||||
if (_mail($email->email, $mail_subject, $mail_content)) {
|
||||
$success++;
|
||||
}
|
||||
else {
|
||||
$failed++;
|
||||
echo '<br />';
|
||||
error('An error occorred while sending email to <b>' . $email['email'] . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
|
||||
error('An error occorred while sending email to <b>' . $email->email . '</b>. For Admin: More info can be found in system/logs/mailer-error.log');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -24,20 +24,13 @@ $freePremium = $config['lua']['freePremium'];
|
||||
|
||||
function admin_give_points($points)
|
||||
{
|
||||
global $db, $hasPointsColumn;
|
||||
global $hasPointsColumn;
|
||||
|
||||
if (!$hasPointsColumn) {
|
||||
displayMessage('Points not supported.');
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
$statement = $db->prepare('UPDATE `accounts` SET `premium_points` = `premium_points` + :points');
|
||||
if (!$statement) {
|
||||
displayMessage('Failed to prepare query statement.');
|
||||
return;
|
||||
}
|
||||
|
||||
if (!Account::query()->increment('premium_points', $points)) {
|
||||
displayMessage('Failed to add points.');
|
||||
return;
|
||||
@@ -47,7 +40,7 @@ function admin_give_points($points)
|
||||
|
||||
function admin_give_coins($coins)
|
||||
{
|
||||
global $db, $hasCoinsColumn;
|
||||
global $hasCoinsColumn;
|
||||
|
||||
if (!$hasCoinsColumn) {
|
||||
displayMessage('Coins not supported.');
|
||||
@@ -62,24 +55,6 @@ function admin_give_coins($coins)
|
||||
displayMessage($coins . ' coins added to all accounts.', true);
|
||||
}
|
||||
|
||||
function query_add_premium($column, $value_query, $condition_query = '1=1', $params = [])
|
||||
{
|
||||
global $db;
|
||||
|
||||
$statement = $db->prepare("UPDATE `accounts` SET `{$column}` = $value_query WHERE $condition_query");
|
||||
if (!$statement) {
|
||||
displayMessage('Failed to prepare query statement.');
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!$statement->execute($params)) {
|
||||
displayMessage('Failed to add premium days.');
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
function admin_give_premdays($days)
|
||||
{
|
||||
global $db, $freePremium;
|
||||
@@ -94,9 +69,9 @@ function admin_give_premdays($days)
|
||||
// othire
|
||||
if ($db->hasColumn('accounts', 'premend')) {
|
||||
// append premend
|
||||
if (query_add_premium('premend', '`premend` + :value', '`premend` > :now', ['value' => $value, 'now' => $now])) {
|
||||
if (Account::where('premend', '>', $now)->increment('premend', $value)) {
|
||||
// set premend
|
||||
if (query_add_premium('premend', ':value', '`premend` <= :now', ['value' => $now + $value, 'now' => $now])) {
|
||||
if (Account::where('premend', '<=', $now)->update(['premend' => $now + $value])) {
|
||||
displayMessage($days . ' premium days added to all accounts.', true);
|
||||
return;
|
||||
} else {
|
||||
@@ -114,11 +89,11 @@ function admin_give_premdays($days)
|
||||
// tfs 0.x
|
||||
if ($db->hasColumn('accounts', 'premdays')) {
|
||||
// append premdays
|
||||
if (query_add_premium('premdays', '`premdays` + :value', '1=1', ['value' => $days])) {
|
||||
if (Account::query()->update(['premdays' => $days])) {
|
||||
// append lastday
|
||||
if (query_add_premium('lastday', '`lastday` + :value', '`lastday` > :now', ['value' => $value, 'now' => $now])) {
|
||||
if (Account::where('lastday', '>', $now)->increment('lastday', $value)) {
|
||||
// set lastday
|
||||
if (query_add_premium('lastday', ':value', '`lastday` <= :now', ['value' => $now + $value, 'now' => $now])) {
|
||||
if (Account::where('lastday', '<=', $now)->update(['lastday' => $now + $value])) {
|
||||
displayMessage($days . ' premium days added to all accounts.', true);
|
||||
return;
|
||||
} else {
|
||||
@@ -142,9 +117,9 @@ function admin_give_premdays($days)
|
||||
// tfs 1.x
|
||||
if ($db->hasColumn('accounts', 'premium_ends_at')) {
|
||||
// append premium_ends_at
|
||||
if (query_add_premium('premium_ends_at', '`premium_ends_at` + :value', '`premium_ends_at` > :now', ['value' => $value, 'now' => $now])) {
|
||||
if (Account::where('premium_ends_at', '>', $now)->increment('premium_ends_at', $value)) {
|
||||
// set premium_ends_at
|
||||
if (query_add_premium('premium_ends_at', ':value', '`premium_ends_at` <= :now', ['value' => $now + $value, 'now' => $now])) {
|
||||
if (Account::where('premium_ends_at', '<=', $now)->update(['premium_ends_at' => $now + $value])) {
|
||||
displayMessage($days . ' premium days added to all accounts.', true);
|
||||
return;
|
||||
} else {
|
||||
|
||||
@@ -51,22 +51,20 @@ else if (isset($_REQUEST['search'])) {
|
||||
if (strlen($search_player) < 3 && !Validator::number($search_player)) {
|
||||
echo_error('Player name is too short.');
|
||||
} else {
|
||||
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($search_player));
|
||||
if ($query->rowCount() == 1) {
|
||||
$query = $query->fetch();
|
||||
$id = (int)$query['id'];
|
||||
$query = Player::where('name', 'like', '%' . $search_player . '%')->orderBy('name')->limit(11)->get(['id', 'name']);
|
||||
if (count($query) == 0) {
|
||||
echo_error('No entries found.');
|
||||
} else if (count($query) == 1) {
|
||||
$id = $query->first()->getKey();
|
||||
} else if (count($query) > 10) {
|
||||
echo_error('Specified name resulted with too many players.');
|
||||
} else {
|
||||
$query = $db->query('SELECT `id`, `name` FROM `players` WHERE `name` LIKE ' . $db->quote('%' . $search_player . '%'));
|
||||
if ($query->rowCount() > 0 && $query->rowCount() <= 10) {
|
||||
$str_construct = 'Do you mean?<ul>';
|
||||
foreach ($query as $row)
|
||||
$str_construct .= '<li><a href="' . $player_base . '&id=' . $row['id'] . '">' . $row['name'] . '</a></li>';
|
||||
$str_construct .= '</ul>';
|
||||
echo_error($str_construct);
|
||||
} else if ($query->rowCount() > 10)
|
||||
echo_error('Specified name resulted with too many players.');
|
||||
else
|
||||
echo_error('No entries found.');
|
||||
$str_construct = 'Do you mean?<ul>';
|
||||
foreach ($query as $row) {
|
||||
$str_construct .= '<li><a href="' . $player_base . '&id=' . $row->getKey() . '">' . $row->name . '</a></li>';
|
||||
}
|
||||
$str_construct .= '</ul>';
|
||||
echo_error($str_construct);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -307,7 +305,7 @@ else if (isset($_REQUEST['search'])) {
|
||||
}
|
||||
}
|
||||
} else if ($id == 0) {
|
||||
$players_db = $db->query('SELECT `id`, `name`, `level` FROM `players` ORDER BY `id` asc');
|
||||
$players_db = Player::orderBy('id')->get(['id','name', 'level']);
|
||||
?>
|
||||
<div class="col-12 col-sm-12 col-lg-10">
|
||||
<div class="card card-info card-outline">
|
||||
@@ -327,11 +325,11 @@ else if (isset($_REQUEST['search'])) {
|
||||
<tbody>
|
||||
<?php foreach ($players_db as $player_db): ?>
|
||||
<tr>
|
||||
<th><?php echo $player_db['id']; ?></th>
|
||||
<td><?php echo $player_db['name']; ?></a></td>
|
||||
<td><?php echo $player_db['level']; ?></a></td>
|
||||
<th><?php echo $player_db->id; ?></th>
|
||||
<td><?php echo $player_db->name; ?></a></td>
|
||||
<td><?php echo $player_db->level; ?></a></td>
|
||||
|
||||
<td><a href="?p=players&id=<?php echo $player_db['id']; ?>" class="btn btn-success btn-sm" title="Edit">
|
||||
<td><a href="?p=players&id=<?php echo $player_db->id; ?>" class="btn btn-success btn-sm" title="Edit">
|
||||
<i class="fas fa-pencil-alt"></i>
|
||||
</a>
|
||||
</td>
|
||||
|
||||
@@ -114,7 +114,7 @@ else if($step == 'finish') {
|
||||
$email = $_SESSION['var_email'];
|
||||
$password = $_SESSION['var_password'];
|
||||
$password_confirm = $_SESSION['var_password_confirm'];
|
||||
$player_name = $_SESSION['var_player_name'];
|
||||
$player_name = $_SESSION['var_player_name'] ?? null;
|
||||
|
||||
// email check
|
||||
if(empty($email)) {
|
||||
@@ -159,12 +159,13 @@ else if($step == 'finish') {
|
||||
$errors[] = $locale['step_admin_password_confirm_error_not_same'];
|
||||
}
|
||||
|
||||
// player name check
|
||||
if(empty($player_name)) {
|
||||
$errors[] = $locale['step_admin_player_name_error_empty'];
|
||||
}
|
||||
else if(!Validator::characterName($player_name)) {
|
||||
$errors[] = $locale['step_admin_player_name_error_format'];
|
||||
if (isset($player_name)) {
|
||||
// player name check
|
||||
if (empty($player_name)) {
|
||||
$errors[] = $locale['step_admin_player_name_error_empty'];
|
||||
} else if (!Validator::characterName($player_name)) {
|
||||
$errors[] = $locale['step_admin_player_name_error_format'];
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($errors)) {
|
||||
|
||||
@@ -64,18 +64,6 @@ if(!$error) {
|
||||
$error = true;
|
||||
}
|
||||
|
||||
if (!$db->hasTable('players')) {
|
||||
$tmp = str_replace('$TABLE$', 'players', $locale['step_database_error_table']);
|
||||
error($tmp);
|
||||
$error = true;
|
||||
}
|
||||
|
||||
if (!$db->hasTable('guilds')) {
|
||||
$tmp = str_replace('$TABLE$', 'guilds', $locale['step_database_error_table']);
|
||||
error($tmp);
|
||||
$error = true;
|
||||
}
|
||||
|
||||
if (!$error) {
|
||||
$twig->display('install.installer.html.twig', array(
|
||||
'url' => 'tools/5-database.php',
|
||||
|
||||
@@ -18,6 +18,7 @@ if(!$error) {
|
||||
'locale' => $locale,
|
||||
'session' => $_SESSION,
|
||||
'account' => $account,
|
||||
'hasTablePlayers' => $db->hasTable('players'),
|
||||
'errors' => isset($errors) ? $errors : null,
|
||||
'buttons' => next_buttons(true, $error ? false : true)
|
||||
));
|
||||
|
||||
@@ -42,23 +42,25 @@ if(isset($account))
|
||||
else
|
||||
$account_db->load($account_id);
|
||||
|
||||
$player_name = $_SESSION['var_player_name'];
|
||||
$player_db = new OTS_Player();
|
||||
$player_db->find($player_name);
|
||||
if ($db->hasTable('players')) {
|
||||
$player_name = $_SESSION['var_player_name'];
|
||||
$player_db = new OTS_Player();
|
||||
$player_db->find($player_name);
|
||||
|
||||
if(!$player_db->isLoaded())
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$player->setName($player_name);
|
||||
if(!$player_db->isLoaded())
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$player->setName($player_name);
|
||||
|
||||
$player_used = &$player;
|
||||
$player_used = &$player;
|
||||
}
|
||||
else {
|
||||
$player_used = &$player_db;
|
||||
}
|
||||
|
||||
$groups = new OTS_Groups_List();
|
||||
$player_used->setGroupId($groups->getHighestId());
|
||||
}
|
||||
else {
|
||||
$player_used = &$player_db;
|
||||
}
|
||||
|
||||
$groups = new OTS_Groups_List();
|
||||
$player_used->setGroupId($groups->getHighestId());
|
||||
|
||||
$email = $_SESSION['var_email'];
|
||||
if($account_db->isLoaded()) {
|
||||
@@ -100,10 +102,16 @@ if($db->hasColumn('accounts', 'group_id'))
|
||||
if($db->hasColumn('accounts', 'type'))
|
||||
$account_used->setCustomField('type', 6);
|
||||
|
||||
if(!$player_db->isLoaded())
|
||||
$player->setAccountId($account_used->getId());
|
||||
else
|
||||
$player_db->setAccountId($account_used->getId());
|
||||
if ($db->hasTable('players')) {
|
||||
if(!$player_db->isLoaded()) {
|
||||
$player->setAccountId($account_used->getId());
|
||||
$player->save();
|
||||
}
|
||||
else {
|
||||
$player_db->setAccountId($account_used->getId());
|
||||
$player_db->save();
|
||||
}
|
||||
}
|
||||
|
||||
success($locale['step_database_created_account']);
|
||||
|
||||
@@ -111,18 +119,14 @@ setSession('account', $account_used->getId());
|
||||
setSession('password', encrypt($password));
|
||||
setSession('remember_me', true);
|
||||
|
||||
if($player_db->isLoaded()) {
|
||||
$player_db->save();
|
||||
}
|
||||
else {
|
||||
$player->save();
|
||||
}
|
||||
|
||||
if(!News::all()->count()) {
|
||||
$player_id = 0;
|
||||
$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
|
||||
if($tmpNewsPlayer) {
|
||||
$player_id = $tmpNewsPlayer->id;
|
||||
|
||||
if ($db->hasTable('players')) {
|
||||
$tmpNewsPlayer = \MyAAC\Models\Player::where('name', $player_name)->first();
|
||||
if($tmpNewsPlayer) {
|
||||
$player_id = $tmpNewsPlayer->id;
|
||||
}
|
||||
}
|
||||
|
||||
News::create([
|
||||
|
||||
@@ -25,30 +25,33 @@ if(isset($config['installed']) && $config['installed'] && !isset($_SESSION['save
|
||||
|
||||
require SYSTEM . 'init.php';
|
||||
|
||||
$deleted = 'deleted';
|
||||
if($db->hasColumn('players', 'deletion'))
|
||||
$deleted = 'deletion';
|
||||
if ($db->hasTable('players')) {
|
||||
$deleted = 'deleted';
|
||||
if ($db->hasColumn('players', 'deletion'))
|
||||
$deleted = 'deletion';
|
||||
|
||||
$time = time();
|
||||
function insert_sample_if_not_exist($p) {
|
||||
global $db, $success, $deleted, $time;
|
||||
$time = time();
|
||||
function insert_sample_if_not_exist($p)
|
||||
{
|
||||
global $db, $success, $deleted, $time;
|
||||
|
||||
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
|
||||
if($query->rowCount() == 0) {
|
||||
if(!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
|
||||
$success = false;
|
||||
$query = $db->query('SELECT `id` FROM `players` WHERE `name` = ' . $db->quote($p['name']));
|
||||
if ($query->rowCount() == 0) {
|
||||
if (!query("INSERT INTO `players` (`id`, `name`, `group_id`, `account_id`, `level`, `vocation`, `health`, `healthmax`, `experience`, `lookbody`, `lookfeet`, `lookhead`, `looklegs`, `looktype`, `maglevel`, `mana`, `manamax`, `manaspent`, `soul`, `town_id`, `posx`, `posy`, `posz`, `conditions`, `cap`, `sex`, `lastlogin`, `lastip`, `save`, `lastlogout`, `balance`, `$deleted`, `created`, `hide`, `comment`) VALUES (null, " . $db->quote($p['name']) . ", 1, " . getSession('account') . ", " . $p['level'] . ", " . $p['vocation_id'] . ", " . $p['health'] . ", " . $p['healthmax'] . ", " . $p['experience'] . ", 118, 114, 38, 57, " . $p['looktype'] . ", 0, " . $p['mana'] . ", " . $p['manamax'] . ", 0, " . $p['soul'] . ", 1, 1000, 1000, 7, '', " . $p['cap'] . ", 1, " . $time . ", 2130706433, 1, " . $time . ", 0, 0, " . $time . ", 1, '');"))
|
||||
$success = false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$success = true;
|
||||
insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
|
||||
insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
$success = true;
|
||||
insert_sample_if_not_exist(array('name' => 'Rook Sample', 'level' => 1, 'vocation_id' => 0, 'health' => 150, 'healthmax' => 150, 'experience' => 0, 'looktype' => 130, 'mana' => 0, 'manamax' => 0, 'soul' => 100, 'cap' => 400));
|
||||
insert_sample_if_not_exist(array('name' => 'Sorcerer Sample', 'level' => 8, 'vocation_id' => 1, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Druid Sample', 'level' => 8, 'vocation_id' => 2, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 130, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Paladin Sample', 'level' => 8, 'vocation_id' => 3, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 129, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
insert_sample_if_not_exist(array('name' => 'Knight Sample', 'level' => 8, 'vocation_id' => 4, 'health' => 185, 'healthmax' => 185, 'experience' => 4200, 'looktype' => 131, 'mana' => 90, 'manamax' => 90, 'soul' => 100, 'cap' => 470));
|
||||
|
||||
if($success) {
|
||||
success($locale['step_database_imported_players']);
|
||||
if ($success) {
|
||||
success($locale['step_database_imported_players']);
|
||||
}
|
||||
}
|
||||
|
||||
Plugins::installMenus('kathrine', require TEMPLATES . 'kathrine/menus.php');
|
||||
|
||||
32
login.php
32
login.php
@@ -4,6 +4,7 @@ use MyAAC\Models\BoostedCreature;
|
||||
use MyAAC\Models\PlayerOnline;
|
||||
use MyAAC\Models\Account;
|
||||
use MyAAC\Models\Player;
|
||||
use MyAAC\RateLimit;
|
||||
|
||||
require_once 'common.php';
|
||||
require_once SYSTEM . 'functions.php';
|
||||
@@ -130,12 +131,29 @@ switch ($action) {
|
||||
}
|
||||
|
||||
$account = $account->first();
|
||||
|
||||
$ip = get_browser_real_ip();
|
||||
$limiter = new RateLimit('failed_logins', setting('core.account_login_attempts_limit'), setting('core.account_login_ban_time'));
|
||||
$limiter->enabled = setting('core.account_login_ipban_protection');
|
||||
$limiter->load();
|
||||
|
||||
$ban_msg = 'A wrong account, password or secret has been entered ' . setting('core.account_login_attempts_limit') . ' times in a row. You are unable to log into your account for the next ' . setting('core.account_login_ban_time') . ' minutes. Please wait.';
|
||||
if (!$account) {
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
sendError($ban_msg);
|
||||
}
|
||||
|
||||
sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
|
||||
}
|
||||
|
||||
$current_password = encrypt((USE_ACCOUNT_SALT ? $account->salt : '') . $request->password);
|
||||
if (!$account || $account->password != $current_password) {
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
sendError($ban_msg);
|
||||
}
|
||||
|
||||
sendError(($inputEmail != false ? 'Email' : 'Account name') . ' or password is not correct.');
|
||||
}
|
||||
|
||||
@@ -145,16 +163,30 @@ switch ($action) {
|
||||
if ($accountSecret != null && $accountSecret != '') {
|
||||
$accountHasSecret = true;
|
||||
if ($inputToken === false) {
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
sendError($ban_msg);
|
||||
}
|
||||
sendError('Submit a valid two-factor authentication token.', 6);
|
||||
} else {
|
||||
require_once LIBS . 'rfc6238.php';
|
||||
if (TokenAuth6238::verify($accountSecret, $inputToken) !== true) {
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
sendError($ban_msg);
|
||||
}
|
||||
|
||||
sendError('Two-factor authentication failed, token is wrong.', 6);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$limiter->reset($ip);
|
||||
if (setting('core.account_mail_verify') && $account->email_verified !== 1) {
|
||||
sendError('You need to verify your account, enter in our site and resend verify e-mail!');
|
||||
}
|
||||
|
||||
// common columns
|
||||
$columns = 'id, name, level, sex, vocation, looktype, lookhead, lookbody, looklegs, lookfeet, lookaddons';
|
||||
|
||||
|
||||
@@ -105,4 +105,8 @@ $config['clients'] = [
|
||||
1316,
|
||||
1320,
|
||||
1321,
|
||||
1322,
|
||||
1330,
|
||||
1332,
|
||||
1340,
|
||||
];
|
||||
|
||||
@@ -1041,7 +1041,7 @@ function load_config_lua($filename)
|
||||
return $result;
|
||||
}
|
||||
|
||||
function str_replace_first($search, $replace, $subject) {
|
||||
function str_replace_first($search,$replace, $subject) {
|
||||
$pos = strpos($subject, $search);
|
||||
if ($pos !== false) {
|
||||
return substr_replace($subject, $replace, $pos, strlen($search));
|
||||
|
||||
@@ -184,8 +184,14 @@ abstract class OTS_Base_DB extends PDO implements IOTS_DB
|
||||
$query = 'UPDATE '.$this->tableName($table).' SET ';
|
||||
|
||||
$count = count($fields);
|
||||
for ($i = 0; $i < $count; $i++)
|
||||
$query.= $this->fieldName($fields[$i]).' = '.$this->quote($values[$i]).', ';
|
||||
for ($i = 0; $i < $count; $i++) {
|
||||
$value = 'NULL';
|
||||
if ($values[$i] !== null) {
|
||||
$value = $this->quote($values[$i]);
|
||||
}
|
||||
|
||||
$query.= $this->fieldName($fields[$i]).' = '.$value.', ';
|
||||
}
|
||||
|
||||
$query = substr($query, 0, -2);
|
||||
$query.=' WHERE (';
|
||||
|
||||
@@ -60,12 +60,7 @@ class OTS_House extends OTS_Row_DAO
|
||||
private $tiles = array();
|
||||
|
||||
public function load($id) {
|
||||
$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch();
|
||||
foreach($this->data as $key => $value) {
|
||||
if(is_numeric($key)) {
|
||||
unset($this->data[$key]);
|
||||
}
|
||||
}
|
||||
$this->data = $this->db->query('SELECT * FROM `houses` WHERE `id` = ' . $id )->fetch(PDO::FETCH_ASSOC);
|
||||
}
|
||||
|
||||
public function find($name)
|
||||
|
||||
@@ -2,6 +2,10 @@
|
||||
|
||||
use MyAAC\Settings;
|
||||
|
||||
if (!$db->hasTable('players')) {
|
||||
return;
|
||||
}
|
||||
|
||||
$query = $db->query("SELECT `id` FROM `players` WHERE (`name` = " . $db->quote("Rook Sample") . " OR `name` = " . $db->quote("Sorcerer Sample") . " OR `name` = " . $db->quote("Druid Sample") . " OR `name` = " . $db->quote("Paladin Sample") . " OR `name` = " . $db->quote("Knight Sample") . " OR `name` = " . $db->quote("Account Manager") . ") ORDER BY `id`;");
|
||||
|
||||
$highscores_ignored_ids = array();
|
||||
|
||||
@@ -148,6 +148,10 @@ if($save)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* two hooks for compatibility
|
||||
*/
|
||||
$hooks->trigger(HOOK_ACCOUNT_CREATE_AFTER_SUBMIT, $params);
|
||||
if (!$hooks->trigger(HOOK_ACCOUNT_CREATE_POST, $params)) {
|
||||
return;
|
||||
}
|
||||
@@ -187,6 +191,8 @@ if($save)
|
||||
$new_account->setEMail($email);
|
||||
$new_account->save();
|
||||
|
||||
$hooks->trigger(HOOK_ACCOUNT_CREATE_AFTER_SAVED, ['account' => $new_account]);
|
||||
|
||||
if(USE_ACCOUNT_SALT)
|
||||
$new_account->setCustomField('salt', $salt);
|
||||
|
||||
|
||||
@@ -8,6 +8,9 @@
|
||||
* @copyright 2023 MyAAC
|
||||
* @link https://my-aac.org
|
||||
*/
|
||||
|
||||
use MyAAC\RateLimit;
|
||||
|
||||
defined('MYAAC') or die('Direct access not allowed!');
|
||||
|
||||
// new login with data from form
|
||||
@@ -18,30 +21,13 @@ if($logged || !isset($_POST['account_login']) || !isset($_POST['password_login']
|
||||
$login_account = $_POST['account_login'];
|
||||
$login_password = $_POST['password_login'];
|
||||
$remember_me = isset($_POST['remember_me']);
|
||||
$ip = get_browser_real_ip();
|
||||
if(!empty($login_account) && !empty($login_password))
|
||||
{
|
||||
if($cache->enabled())
|
||||
{
|
||||
$tmp = '';
|
||||
if($cache->fetch('failed_logins', $tmp))
|
||||
{
|
||||
$tmp = unserialize($tmp);
|
||||
$to_remove = array();
|
||||
foreach($tmp as $ip => $t)
|
||||
{
|
||||
if(time() - $t['last'] >= 5 * 60)
|
||||
$to_remove[] = $ip;
|
||||
}
|
||||
|
||||
foreach($to_remove as $ip)
|
||||
unset($tmp[$ip]);
|
||||
}
|
||||
else
|
||||
$tmp = array();
|
||||
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
$t = $tmp[$ip] ?? null;
|
||||
}
|
||||
$limiter = new RateLimit('failed_logins', setting('core.account_login_attempts_limit'), setting('core.account_login_ban_time'));
|
||||
$limiter->enabled = setting('core.account_login_ipban_protection');
|
||||
$limiter->load();
|
||||
|
||||
$account_logged = new OTS_Account();
|
||||
if (config('account_login_by_email')) {
|
||||
@@ -56,14 +42,12 @@ if(!empty($login_account) && !empty($login_password))
|
||||
}
|
||||
}
|
||||
|
||||
if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword()
|
||||
&& (!isset($t) || $t['attempts'] < 5)
|
||||
if($account_logged->isLoaded() && encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password) == $account_logged->getPassword() && ($limiter->enabled && !$limiter->exceeded($ip))
|
||||
)
|
||||
{
|
||||
if (setting('core.account_mail_verify') && (int)$account_logged->getCustomField('email_verified') !== 1) {
|
||||
$errors[] = 'Your account is not verified. Please verify your email address. If the message is not coming check the SPAM folder in your E-Mail client.';
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
session_regenerate_id();
|
||||
setSession('account', $account_logged->getId());
|
||||
setSession('password', encrypt((USE_ACCOUNT_SALT ? $account_logged->getCustomField('salt') : '') . $login_password));
|
||||
@@ -87,38 +71,21 @@ if(!empty($login_account) && !empty($login_password))
|
||||
|
||||
$hooks->trigger(HOOK_LOGIN, array('account' => $account_logged, 'password' => $login_password, 'remember_me' => $remember_me));
|
||||
}
|
||||
|
||||
$limiter->reset($ip);
|
||||
}
|
||||
else
|
||||
{
|
||||
$hooks->trigger(HOOK_LOGIN_ATTEMPT, array('account' => $login_account, 'password' => $login_password, 'remember_me' => $remember_me));
|
||||
|
||||
$errorMessage = getAccountLoginByLabel() . ' or password is not correct.';
|
||||
$limiter->increment($ip);
|
||||
if ($limiter->exceeded($ip)) {
|
||||
$errorMessage = 'A wrong password has been entered ' . $limiter->max_attempts . ' times in a row. You are unable to log into your account for the next ' . $limiter->ttl . ' minutes. Please wait.';
|
||||
}
|
||||
|
||||
// temporary solution for blocking failed login attempts
|
||||
if($cache->enabled())
|
||||
{
|
||||
if(isset($t))
|
||||
{
|
||||
$t['attempts']++;
|
||||
$t['last'] = time();
|
||||
|
||||
if($t['attempts'] >= 5)
|
||||
$errors[] = 'A wrong password has been entered 5 times in a row. You are unable to log into your account for the next 5 minutes. Please wait.';
|
||||
else
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
else
|
||||
{
|
||||
$t = array('attempts' => 1, 'last' => time());
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
|
||||
$tmp[$ip] = $t;
|
||||
$cache->set('failed_logins', serialize($tmp), 60 * 60); // save for 1 hour
|
||||
}
|
||||
else {
|
||||
$errors[] = $errorMessage;
|
||||
}
|
||||
$errors[] = $errorMessage;
|
||||
|
||||
}
|
||||
}
|
||||
else {
|
||||
|
||||
@@ -17,532 +17,31 @@ if(!setting('core.mail_enabled'))
|
||||
return;
|
||||
}
|
||||
|
||||
$action_type = isset($_REQUEST['action_type']) ? $_REQUEST['action_type'] : '';
|
||||
if($action == '')
|
||||
{
|
||||
$action_type = $_REQUEST['action_type'] ?? '';
|
||||
if($action == '') {
|
||||
$twig->display('account.lost.form.html.twig');
|
||||
}
|
||||
else if($action == 'step1' && $action_type == '') {
|
||||
$twig->display('account.lost.noaction.html.twig');
|
||||
}
|
||||
elseif($action == 'step1' && $action_type == 'email')
|
||||
{
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
if(Validator::characterName($nick))
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
|
||||
if($account->isLoaded())
|
||||
{
|
||||
if($account->getCustomField('email_next') < time())
|
||||
echo 'Please enter e-mail to account with this character.<BR>
|
||||
<form action="' . getLink('account/lost') . '?action=sendcode" method=post>
|
||||
<input type=hidden name="character">
|
||||
<table cellspacing=1 cellpadding=4 border=0 width=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter e-mail to account</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR>
|
||||
E-mail to account:<INPUT TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
else
|
||||
{
|
||||
$insec = (int)$account->getCustomField('email_next') - time();
|
||||
$minutesleft = floor($insec / 60);
|
||||
$secondsleft = $insec - ($minutesleft * 60);
|
||||
$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
|
||||
echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
|
||||
}
|
||||
}
|
||||
else
|
||||
echo 'Player or account of player <b>' . $nick . '</b> doesn\'t exist.';
|
||||
}
|
||||
else
|
||||
echo 'Invalid player name format. If you have other characters on account try with other name.';
|
||||
echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'step1' && $action_type == 'email') {
|
||||
require PAGES . 'account/lost/step1-email.php';
|
||||
}
|
||||
elseif($action == 'sendcode')
|
||||
{
|
||||
$email = $_REQUEST['email'];
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
if(Validator::characterName($nick))
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
|
||||
if($account->isLoaded())
|
||||
{
|
||||
if($account->getCustomField('email_next') < time())
|
||||
{
|
||||
if($account->getEMail() == $email)
|
||||
{
|
||||
$newcode = generateRandomString(30, true, false, true);
|
||||
$mailBody = '
|
||||
You asked to reset your ' . $config['lua']['serverName'] . ' password.<br/>
|
||||
<p>Account name: '.$account->getName().'</p>
|
||||
<br />
|
||||
To do so, please click this link:
|
||||
<p><a href="' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'">' . getLink('account/lost') . '?action=checkcode&code='.$newcode.'&character='.urlencode($nick).'</a></p>
|
||||
<p>or open page: <i>' . getLink('account/lost') . '?action=checkcode</i> and in field "code" write <b>'.$newcode.'</b></p>
|
||||
<br/>
|
||||
<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.';
|
||||
|
||||
$account_mail = $account->getCustomField('email');
|
||||
if(_mail($account_mail, $config['lua']['serverName'].' - Recover your account', $mailBody))
|
||||
{
|
||||
$account->setCustomField('email_code', $newcode);
|
||||
$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
|
||||
echo '<br />Details about steps required to recover your account has been sent to <b>' . $account_mail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
|
||||
}
|
||||
else
|
||||
{
|
||||
$account->setCustomField('email_next', (time() + 60));
|
||||
echo '<br /><p class="error">An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>';
|
||||
}
|
||||
}
|
||||
else
|
||||
echo 'Invalid e-mail to account of character <b>'.$nick.'</b>. Try again.';
|
||||
}
|
||||
else
|
||||
{
|
||||
$insec = (int)$account->getCustomField('email_next') - time();
|
||||
$minutesleft = floor($insec / 60);
|
||||
$secondsleft = $insec - ($minutesleft * 60);
|
||||
$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
|
||||
echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
|
||||
}
|
||||
}
|
||||
else
|
||||
echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
|
||||
}
|
||||
else
|
||||
echo 'Invalid player name format. If you have other characters on account try with other name.';
|
||||
echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<a href="' . getLink('account/lost') . '?action=step1&action_type=email&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'send-code') {
|
||||
require PAGES . 'account/lost/send-code.php';
|
||||
}
|
||||
elseif($action == 'step1' && $action_type == 'reckey')
|
||||
{
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
if(Validator::characterName($nick))
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
$account_key = $account->getCustomField('key');
|
||||
if(!empty($account_key))
|
||||
{
|
||||
echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Character name: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
|
||||
Recovery key: <INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
else
|
||||
echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
|
||||
}
|
||||
else
|
||||
echo 'Invalid player name format. If you have other characters on account try with other name.';
|
||||
echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<a href="' . getLink('account/lost') . '" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'step1' && $action_type == 'reckey') {
|
||||
require PAGES . 'account/lost/step1-reckey.php';
|
||||
}
|
||||
elseif($action == 'step2')
|
||||
{
|
||||
$rec_key = trim($_REQUEST['key']);
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
if(Validator::characterName($nick))
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
$account_key = $account->getCustomField('key');
|
||||
if(!empty($account_key))
|
||||
{
|
||||
if($account_key == $rec_key)
|
||||
{
|
||||
echo '<script type="text/javascript">
|
||||
function validate_required(field,alerttxt)
|
||||
{
|
||||
with (field)
|
||||
{
|
||||
if (value==null||value==""||value==" ")
|
||||
{alert(alerttxt);return false;}
|
||||
else {return true}
|
||||
}
|
||||
}
|
||||
function validate_email(field,alerttxt)
|
||||
{
|
||||
with (field)
|
||||
{
|
||||
apos=value.indexOf("@");
|
||||
dotpos=value.lastIndexOf(".");
|
||||
if (apos<1||dotpos-apos<2)
|
||||
{alert(alerttxt);return false;}
|
||||
else {return true;}
|
||||
}
|
||||
}
|
||||
function validate_form(thisform)
|
||||
{
|
||||
with (thisform)
|
||||
{
|
||||
if (validate_required(email,"Please enter your e-mail!")==false)
|
||||
{email.focus();return false;}
|
||||
if (validate_email(email,"Invalid e-mail format!")==false)
|
||||
{email.focus();return false;}
|
||||
if (validate_required(passor,"Please enter password!")==false)
|
||||
{passor.focus();return false;}
|
||||
if (validate_required(passor2,"Please repeat password!")==false)
|
||||
{passor2.focus();return false;}
|
||||
if (passor2.value!=passor.value)
|
||||
{alert(\'Repeated password is not equal to password!\');return false;}
|
||||
}
|
||||
}
|
||||
</script>';
|
||||
echo 'Set new password and e-mail to your account.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=step3" onsubmit="return validate_form(this)" METHOD=post>
|
||||
<INPUT TYPE=hidden NAME="character" VALUE="">
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter new password and e-mail</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Account of character: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
|
||||
New password: <INPUT id="passor" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
|
||||
Repeat new password: <INPUT id="passor2" TYPE=password NAME="passor" VALUE="" SIZE="40"><BR>
|
||||
New e-mail address: <INPUT id="email" TYPE=text NAME="email" VALUE="" SIZE="40"><BR>
|
||||
<INPUT TYPE=hidden NAME="key" VALUE="'.$rec_key.'">
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
echo 'Wrong recovery key!';
|
||||
}
|
||||
else
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
else
|
||||
echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
|
||||
}
|
||||
else
|
||||
echo 'Invalid player name format. If you have other characters on account try with other name.';
|
||||
echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'step2') {
|
||||
require PAGES . 'account/lost/step2.php';
|
||||
}
|
||||
elseif($action == 'step3')
|
||||
{
|
||||
$rec_key = trim($_REQUEST['key']);
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
$new_pass = trim($_REQUEST['passor']);
|
||||
$new_email = trim($_REQUEST['email']);
|
||||
if(Validator::characterName($nick))
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
$account_key = $account->getCustomField('key');
|
||||
if(!empty($account_key))
|
||||
{
|
||||
if($account_key == $rec_key)
|
||||
{
|
||||
if(Validator::password($new_pass))
|
||||
{
|
||||
if(Validator::email($new_email))
|
||||
{
|
||||
$account->setEMail($new_email);
|
||||
|
||||
$tmp_new_pass = $new_pass;
|
||||
if(USE_ACCOUNT_SALT)
|
||||
{
|
||||
$salt = generateRandomString(10, false, true, true);
|
||||
$tmp_new_pass = $salt . $new_pass;
|
||||
}
|
||||
|
||||
$account->setPassword(encrypt($tmp_new_pass));
|
||||
$account->save();
|
||||
|
||||
if(USE_ACCOUNT_SALT)
|
||||
$account->setCustomField('salt', $salt);
|
||||
|
||||
echo 'Your account name, new password and new e-mail.<BR>
|
||||
<FORM ACTION="' . getLink('account/manage') . '" onsubmit="return validate_form(this)" METHOD=post>
|
||||
<INPUT TYPE=hidden NAME="character" VALUE="">
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Your account name, new password and new e-mail</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Account name: <b>'.$account->getName().'</b><BR>
|
||||
New password: <b>'.$new_pass.'</b><BR>
|
||||
New e-mail address: <b>'.$new_email.'</b><BR>';
|
||||
if($account->getCustomField('email_next') < time())
|
||||
{
|
||||
$mailBody = '
|
||||
<h3>Your account name and new password!</h3>
|
||||
<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
|
||||
<p>Account name: <b>'.$account->getName().'</b></p>
|
||||
<p>New password: <b>'.$new_pass.'</b></p>
|
||||
<p>E-mail: <b>'.$new_email.'</b> (this e-mail)</p>
|
||||
<br />
|
||||
<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
|
||||
|
||||
if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody))
|
||||
{
|
||||
echo '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<br /><small>You will not receive e-mail with this informations.</small>';
|
||||
}
|
||||
echo '<INPUT TYPE=hidden NAME="account_login" VALUE="'.$account->getId().'">
|
||||
<INPUT TYPE=hidden NAME="password_login" VALUE="'.$new_pass.'">
|
||||
</TD></TR></TABLE><BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
echo Validator::getLastError();
|
||||
}
|
||||
else
|
||||
echo Validator::getLastError();
|
||||
}
|
||||
else
|
||||
echo 'Wrong recovery key!';
|
||||
}
|
||||
else
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
else
|
||||
echo 'Player or account of player <b>'.$nick.'</b> doesn\'t exist.';
|
||||
}
|
||||
else
|
||||
echo 'Invalid player name format. If you have other characters on account try with other name.';
|
||||
echo '<BR /><TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<a href="' . getLink('account/lost') . '?action=step1&action_type=reckey&nick='.urlencode($nick).'" border="0"><IMG SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" NAME="Back" ALT="Back" BORDER=0 WIDTH=120 HEIGHT=18></a></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'step3') {
|
||||
require PAGES . 'account/lost/step3.php';
|
||||
}
|
||||
elseif($action == 'checkcode')
|
||||
{
|
||||
$code = trim($_REQUEST['code']);
|
||||
$character = stripslashes(trim($_REQUEST['character']));
|
||||
if(empty($code) || empty($character))
|
||||
echo 'Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Your code: <INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
|
||||
Character: <INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
else
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($character);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
if($account->getCustomField('email_code') == $code)
|
||||
{
|
||||
echo '<script type="text/javascript">
|
||||
function validate_required(field,alerttxt)
|
||||
{
|
||||
with (field)
|
||||
{
|
||||
if (value==null||value==""||value==" ")
|
||||
{alert(alerttxt);return false;}
|
||||
else {return true}
|
||||
}
|
||||
}
|
||||
|
||||
function validate_form(thisform)
|
||||
{
|
||||
with (thisform)
|
||||
{
|
||||
if (validate_required(passor,"Please enter password!")==false)
|
||||
{passor.focus();return false;}
|
||||
if (validate_required(passor2,"Please repeat password!")==false)
|
||||
{passor2.focus();return false;}
|
||||
if (passor2.value!=passor.value)
|
||||
{alert(\'Repeated password is not equal to password!\');return false;}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
Please enter new password to your account and repeat to make sure you remember password.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" onsubmit="return validate_form(this)" METHOD=post>
|
||||
<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
|
||||
<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & account name</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
New password: <INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40")><BR />
|
||||
Repeat new password: <INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40")><BR />
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
$error= 'Wrong code to change password.';
|
||||
}
|
||||
else
|
||||
$error = 'Account of this character or this character doesn\'t exist.';
|
||||
}
|
||||
if(!empty($error))
|
||||
echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Your code: <INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
|
||||
Character: <INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'check-code') {
|
||||
require PAGES . 'account/lost/check-code.php';
|
||||
}
|
||||
elseif($action == 'setnewpassword')
|
||||
{
|
||||
$newpassword = $_REQUEST['passor'];
|
||||
$code = $_REQUEST['code'];
|
||||
$character = stripslashes($_REQUEST['character']);
|
||||
echo '';
|
||||
if(empty($code) || empty($character) || empty($newpassword))
|
||||
echo '<span style="color: red"><b>Error. Try again.</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
|
||||
<BR><FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<INPUT TYPE=image NAME="Back" ALT="Back" SRC="'.$template_path.'/images/global/buttons/sbutton_back.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
else
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($character);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
if($account->getCustomField('email_code') == $code)
|
||||
{
|
||||
if(Validator::password($newpassword))
|
||||
{
|
||||
$tmp_new_pass = $newpassword;
|
||||
if(USE_ACCOUNT_SALT)
|
||||
{
|
||||
$salt = generateRandomString(10, false, true, true);
|
||||
$tmp_new_pass = $salt . $newpassword;
|
||||
$account->setCustomField('salt', $salt);
|
||||
}
|
||||
|
||||
$account->setPassword(encrypt($tmp_new_pass ));
|
||||
$account->save();
|
||||
$account->setCustomField('email_code', '');
|
||||
echo 'New password to your account is below. Now you can login.<BR>
|
||||
<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Changed password</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
New password: <b>'.$newpassword.'</b><BR />
|
||||
Account name: <i>(Already on your e-mail)</i><BR />';
|
||||
|
||||
$mailBody = '
|
||||
<h3>Your account name and password!</h3>
|
||||
<p>Changed password to your account in Lost Account Interface on server <a href="'.BASE_URL.'"><b>'.$config['lua']['serverName'].'</b></a></p>
|
||||
<p>Account name: <b>'.$account->getName().'</b></p>
|
||||
<p>New password: <b>'.$newpassword.'</b></p>
|
||||
<br />
|
||||
<p><u>It\'s automatic e-mail from OTS Lost Account System. Do not reply!</u></p>';
|
||||
|
||||
if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - Your new password", $mailBody))
|
||||
{
|
||||
echo '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
|
||||
}
|
||||
else
|
||||
{
|
||||
echo '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
|
||||
}
|
||||
echo '</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
<FORM ACTION="' . getLink('account/manage') . '" METHOD=post>
|
||||
<INPUT TYPE=image NAME="Login" ALT="Login" SRC="'.$template_path.'/images/global/buttons/sbutton_login.gif" BORDER=0 WIDTH=120 HEIGHT=18></div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
$error= Validator::getLastError();
|
||||
}
|
||||
else
|
||||
$error= 'Wrong code to change password.';
|
||||
}
|
||||
else
|
||||
$error = 'Account of this character or this character doesn\'t exist.';
|
||||
}
|
||||
if(!empty($error))
|
||||
echo '<span style="color: red"><b>'.$error.'</b></span><br />Please enter code from e-mail and name of one character from account. Then press Submit.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=checkcode" METHOD=post>
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Code & character name</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Your code: <INPUT TYPE=text NAME="code" VALUE="" SIZE="40")><BR />
|
||||
Character: <INPUT TYPE=text NAME="character" VALUE="" SIZE="40")><BR />
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
elseif($action == 'set-new-password') {
|
||||
require PAGES . 'account/lost/set-new-password.php';
|
||||
}
|
||||
|
||||
57
system/pages/account/lost/check-code.php
Normal file
57
system/pages/account/lost/check-code.php
Normal file
@@ -0,0 +1,57 @@
|
||||
<?php
|
||||
$code = isset($_REQUEST['code']) ? trim($_REQUEST['code']) : '';
|
||||
$character = isset($_REQUEST['character']) ? stripslashes(trim($_REQUEST['character'])) : '';
|
||||
|
||||
if(empty($code) || empty($character))
|
||||
$twig->display('account.lost.check-code.html.twig', [
|
||||
'code' => $code,
|
||||
'characters' => $character,
|
||||
]);
|
||||
else
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($character);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded()) {
|
||||
if($account->getCustomField('email_code') == $code) {
|
||||
echo '
|
||||
Please enter new password to your account and repeat to make sure you remember password.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=setnewpassword" METHOD=post>
|
||||
<INPUT TYPE=hidden NAME="character" VALUE="'.$character.'">
|
||||
<INPUT TYPE=hidden NAME="code" VALUE="'.$code.'">
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Passwords</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
New password: <INPUT TYPE=password ID="passor" NAME="passor" VALUE="" SIZE="40"><BR />
|
||||
Repeat new password: <INPUT TYPE=password ID="passor2" NAME="passor2" VALUE="" SIZE="40"><BR />
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else {
|
||||
$error = 'Wrong code to change password.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$error = "Account of this character or this character doesn't exist.";
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($error)) {
|
||||
$twig->display('error_box.html.twig', [
|
||||
'errors' => [$error],
|
||||
]);
|
||||
|
||||
echo '<br/>';
|
||||
|
||||
$twig->display('account.lost.check-code.html.twig', [
|
||||
|
||||
]);
|
||||
}
|
||||
56
system/pages/account/lost/send-code.php
Normal file
56
system/pages/account/lost/send-code.php
Normal file
@@ -0,0 +1,56 @@
|
||||
<?php
|
||||
|
||||
$email = $_REQUEST['email'];
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded()) {
|
||||
if($account->getCustomField('email_next') < time()) {
|
||||
if($account->getEMail() == $email) {
|
||||
$newCode = generateRandomString(30, true, false, true);
|
||||
$mailBody = $twig->render('mail.account.lost.code.html.twig', [
|
||||
'newCode' => $newCode,
|
||||
'account' => $account,
|
||||
'nick' => $nick,
|
||||
]);
|
||||
|
||||
$accountEMail = $account->getCustomField('email');
|
||||
if(_mail($accountEMail, configLua('serverName') . ' - Recover your account', $mailBody)) {
|
||||
$account->setCustomField('email_code', $newCode);
|
||||
$account->setCustomField('email_next', (time() + setting('core.mail_lost_account_interval')));
|
||||
|
||||
echo '<br />Details about steps required to recover your account has been sent to <b>' . $accountEMail . '</b>. You should receive this email within 15 minutes. Please check your inbox/spam directory.';
|
||||
}
|
||||
else {
|
||||
$account->setCustomField('email_next', (time() + 60));
|
||||
error('An error occurred while sending email! Try again later or contact with admin. For Admin: More info can be found in system/logs/mailer-error.log</p>');
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo 'Invalid e-mail to account of character <b>' . htmlspecialchars($nick) . '</b>. Try again.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$insec = (int)$account->getCustomField('email_next') - time();
|
||||
$minutesleft = floor($insec / 60);
|
||||
$secondsleft = $insec - ($minutesleft * 60);
|
||||
$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
|
||||
|
||||
echo 'Account of selected character (<b>' . htmlspecialchars($nick) . '</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60) . ' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
|
||||
}
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost') . '?action=step1&action_type=email&nick=' . urlencode($nick),
|
||||
]);
|
||||
81
system/pages/account/lost/set-new-password.php
Normal file
81
system/pages/account/lost/set-new-password.php
Normal file
@@ -0,0 +1,81 @@
|
||||
<?php
|
||||
$newPassword = $_REQUEST['passor'];
|
||||
$code = $_REQUEST['code'];
|
||||
$character = stripslashes($_REQUEST['character']);
|
||||
|
||||
if(empty($code) || empty($character) || empty($newPassword)) {
|
||||
echo '<span style="color: red"><b>Error. Try again.</b></span><br/>Please enter code from e-mail and name of one character from account. Then press Submit.<br>';
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost') . '?action=check-code',
|
||||
]);
|
||||
}
|
||||
else
|
||||
{
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($character);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded())
|
||||
{
|
||||
if($account->getCustomField('email_code') == $code)
|
||||
{
|
||||
if(Validator::password($newPassword))
|
||||
{
|
||||
$tmp_new_pass = $newPassword;
|
||||
if(USE_ACCOUNT_SALT)
|
||||
{
|
||||
$salt = generateRandomString(10, false, true, true);
|
||||
$tmp_new_pass = $salt . $newPassword;
|
||||
$account->setCustomField('salt', $salt);
|
||||
}
|
||||
|
||||
$account->setPassword(encrypt($tmp_new_pass));
|
||||
$account->save();
|
||||
$account->setCustomField('email_code', '');
|
||||
|
||||
$mailBody = $twig->render('mail.account.lost.new-password.html.twig', [
|
||||
'account' => $account,
|
||||
'newPassword' => $newPassword,
|
||||
]);
|
||||
|
||||
$statusMsg = '';
|
||||
if(_mail($account->getCustomField('email'), configLua('serverName') . ' - Your new password', $mailBody)) {
|
||||
$statusMsg = '<br /><small>New password work! Sent e-mail with your password and account name. You should receive this e-mail in 15 minutes. You can login now with new password!';
|
||||
}
|
||||
else {
|
||||
$statusMsg = '<br /><p class="error">New password work! An error occurred while sending email! You will not receive e-mail with new password. For Admin: More info can be found in system/logs/mailer-error.log';
|
||||
}
|
||||
|
||||
$twig->display('account.lost.finish.new-password.html.twig', [
|
||||
'statusMsg' => $statusMsg,
|
||||
'newPassword' => $newPassword,
|
||||
]);
|
||||
}
|
||||
else
|
||||
$error= Validator::getLastError();
|
||||
}
|
||||
else
|
||||
$error= 'Wrong code to change password.';
|
||||
}
|
||||
else
|
||||
$error = 'Account of this character or this character doesn\'t exist.';
|
||||
}
|
||||
|
||||
if(!empty($error)) {
|
||||
$twig->display('error_box.html.twig', [
|
||||
'errors' => [$error],
|
||||
]);
|
||||
|
||||
echo '<br/>';
|
||||
|
||||
$twig->display('account.lost.check-code.html.twig', [
|
||||
'code' => $code,
|
||||
'character' => $character,
|
||||
]);
|
||||
}
|
||||
36
system/pages/account/lost/step1-email.php
Normal file
36
system/pages/account/lost/step1-email.php
Normal file
@@ -0,0 +1,36 @@
|
||||
<?php
|
||||
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded()) {
|
||||
if($account->getCustomField('email_next') < time()) {
|
||||
$twig->display('account.lost.step1-email.html.twig', [
|
||||
'nick' => $nick,
|
||||
]);
|
||||
}
|
||||
else
|
||||
{
|
||||
$insec = (int)$account->getCustomField('email_next') - time();
|
||||
$minutesleft = floor($insec / 60);
|
||||
$secondsleft = $insec - ($minutesleft * 60);
|
||||
$timeleft = $minutesleft.' minutes '.$secondsleft.' seconds';
|
||||
|
||||
echo 'Account of selected character (<b>'.$nick.'</b>) received e-mail in last '.ceil(setting('core.mail_lost_account_interval') / 60).' minutes. You must wait '.$timeleft.' before you can use Lost Account Interface again.';
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
|
||||
}
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost'),
|
||||
]);
|
||||
39
system/pages/account/lost/step1-reckey.php
Normal file
39
system/pages/account/lost/step1-reckey.php
Normal file
@@ -0,0 +1,39 @@
|
||||
<?php
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded())
|
||||
$account = $player->getAccount();
|
||||
if($account->isLoaded())
|
||||
{
|
||||
$account_key = $account->getCustomField('key');
|
||||
if(!empty($account_key))
|
||||
{
|
||||
echo 'If you enter right recovery key you will see form to set new e-mail and password to account. To this e-mail will be send your new password and account name.<BR>
|
||||
<FORM ACTION="' . getLink('account/lost') . '?action=step2" METHOD=post>
|
||||
<TABLE CELLSPACING=1 CELLPADDING=4 BORDER=0 WIDTH=100%>
|
||||
<TR><TD BGCOLOR="'.$config['vdarkborder'].'" class="white"><B>Please enter your recovery key</B></TD></TR>
|
||||
<TR><TD BGCOLOR="'.$config['darkborder'].'">
|
||||
Character name: <INPUT TYPE=text NAME="nick" VALUE="'.$nick.'" SIZE="40" readonly="readonly"><BR />
|
||||
Recovery key: <INPUT TYPE=text NAME="key" VALUE="" SIZE="40"><BR>
|
||||
</TD></TR>
|
||||
</TABLE>
|
||||
<BR>
|
||||
<TABLE CELLSPACING=0 CELLPADDING=0 BORDER=0 WIDTH=100%><TR><TD><div style="text-align:center">
|
||||
' . $twig->render('buttons.submit.html.twig') . '</div>
|
||||
</TD></TR></FORM></TABLE></TABLE>';
|
||||
}
|
||||
else
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
else {
|
||||
echo 'Player or account of player <b>' . htmlspecialchars($nick) . '</b> doesn\'t exist.';
|
||||
}
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost'),
|
||||
]);
|
||||
37
system/pages/account/lost/step2.php
Normal file
37
system/pages/account/lost/step2.php
Normal file
@@ -0,0 +1,37 @@
|
||||
<?php
|
||||
|
||||
$recKey = trim($_REQUEST['key']);
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded()) {
|
||||
$accountKey = $account->getCustomField('key');
|
||||
if(!empty($accountKey)) {
|
||||
if($accountKey == $recKey) {
|
||||
$twig->display('account.lost.step2.html.twig', [
|
||||
'nick' => $nick,
|
||||
'recKey' => $recKey,
|
||||
]);
|
||||
}
|
||||
else {
|
||||
echo 'Wrong recovery key!';
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
}
|
||||
else
|
||||
echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick),
|
||||
]);
|
||||
87
system/pages/account/lost/step3.php
Normal file
87
system/pages/account/lost/step3.php
Normal file
@@ -0,0 +1,87 @@
|
||||
<?php
|
||||
$recKey = trim($_REQUEST['key']);
|
||||
$nick = stripslashes($_REQUEST['nick']);
|
||||
$newPassword = trim($_REQUEST['passor']);
|
||||
$newEmail = trim($_REQUEST['email']);
|
||||
|
||||
$player = new OTS_Player();
|
||||
$account = new OTS_Account();
|
||||
$player->find($nick);
|
||||
if($player->isLoaded()) {
|
||||
$account = $player->getAccount();
|
||||
}
|
||||
|
||||
if($account->isLoaded())
|
||||
{
|
||||
$accountKey = $account->getCustomField('key');
|
||||
if(!empty($accountKey)) {
|
||||
if($accountKey == $recKey) {
|
||||
if(Validator::password($newPassword)) {
|
||||
if(Validator::email($newEmail)) {
|
||||
$account->setEMail($newEmail);
|
||||
|
||||
$tmp_new_pass = $newPassword;
|
||||
if(USE_ACCOUNT_SALT)
|
||||
{
|
||||
$salt = generateRandomString(10, false, true, true);
|
||||
$tmp_new_pass = $salt . $newPassword;
|
||||
}
|
||||
|
||||
$account->setPassword(encrypt($tmp_new_pass));
|
||||
$account->save();
|
||||
|
||||
if(USE_ACCOUNT_SALT) {
|
||||
$account->setCustomField('salt', $salt);
|
||||
}
|
||||
|
||||
$statusMsg = '';
|
||||
if($account->getCustomField('email_next') < time()) {
|
||||
$mailBody = $twig->render('mail.account.lost.new-email.html.twig', [
|
||||
'account' => $account,
|
||||
'newPassword' => $newPassword,
|
||||
'newEmail' => $newEmail,
|
||||
]);
|
||||
|
||||
if(_mail($account->getCustomField('email'), $config['lua']['serverName']." - New password to your account", $mailBody)) {
|
||||
$statusMsg = '<br /><small>Sent e-mail with your account name and password to new e-mail. You should receive this e-mail in 15 minutes. You can login now with new password!</small>';
|
||||
}
|
||||
else {
|
||||
$statusMsg = '<br /><p class="error">An error occurred while sending email! You will not receive e-mail with this informations. For Admin: More info can be found in system/logs/mailer-error.log</p>';
|
||||
}
|
||||
}
|
||||
else {
|
||||
$statusMsg = '<br /><small>You will not receive e-mail with this informations.</small>';
|
||||
}
|
||||
|
||||
$twig->display('account.lost.finish.new-email.html.twig', [
|
||||
'statusMsg' => $statusMsg,
|
||||
'account' => $account,
|
||||
'newPassword' => $newPassword,
|
||||
'newEmail' => $newEmail,
|
||||
]);
|
||||
}
|
||||
else {
|
||||
echo Validator::getLastError();
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo Validator::getLastError();
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo 'Wrong recovery key!';
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo 'Account of this character has no recovery key!';
|
||||
}
|
||||
}
|
||||
else {
|
||||
echo "Player or account of player <b>" . htmlspecialchars($nick) . "</b> doesn't exist.";
|
||||
}
|
||||
|
||||
$twig->display('account.back_button.html.twig', [
|
||||
'new_line' => true,
|
||||
'center' => true,
|
||||
'action' => getLink('account/lost') . '?action=step1&action_type=reckey&nick=' . urlencode($nick),
|
||||
]);
|
||||
@@ -180,7 +180,7 @@ if (empty($highscores)) {
|
||||
} else if ($skill == SKILL_FRAGS) // frags
|
||||
{
|
||||
if ($db->hasTable('player_killers')) {
|
||||
$query->addSelect(['value' => PlayerKillers::where('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
|
||||
$query->addSelect(['value' => PlayerKillers::whereColumn('player_killers.player_id', 'players.id')->selectRaw('COUNT(*)')]);
|
||||
} else {
|
||||
$query->addSelect(['value' => PlayerDeath::unjustified()->whereColumn('player_deaths.killed_by', 'players.name')->selectRaw('COUNT(*)')]);
|
||||
}
|
||||
|
||||
@@ -15,8 +15,7 @@ use MyAAC\Settings;
|
||||
|
||||
return [
|
||||
'name' => 'MyAAC',
|
||||
'settings' =>
|
||||
[
|
||||
'settings' => [
|
||||
[
|
||||
'type' => 'category',
|
||||
'title' => 'General'
|
||||
@@ -1374,7 +1373,7 @@ Sent by MyAAC,<br/>
|
||||
'name' => 'Item Images URL',
|
||||
'type' => 'text',
|
||||
'desc' => 'Set to <strong>images/items</strong> if you host your own items in images folder',
|
||||
'default' => 'http://item-images.ots.me/1092/',
|
||||
'default' => 'https://item-images.ots.me/1092/',
|
||||
],
|
||||
'item_images_extension' => [
|
||||
'name' => 'Item Images File Extension',
|
||||
@@ -1390,7 +1389,7 @@ Sent by MyAAC,<br/>
|
||||
'name' => 'Outfit Images URL',
|
||||
'type' => 'text',
|
||||
'desc' => 'Set to animoutfit.php for animated outfit',
|
||||
'default' => 'http://outfit-images.ots.me/outfit.php',
|
||||
'default' => 'https://outfit-images.ots.me/outfit.php',
|
||||
],
|
||||
'outfit_images_wrong_looktypes' => [
|
||||
'name' => 'Outfit Images Wrong Looktypes',
|
||||
@@ -1590,6 +1589,34 @@ Sent by MyAAC,<br/>
|
||||
'account_change_character_sex', '=', 'true',
|
||||
],
|
||||
],
|
||||
[
|
||||
'type' => 'category',
|
||||
'title' => 'Security',
|
||||
],
|
||||
[
|
||||
'type' => 'section',
|
||||
'title' => 'IP Ban Protection',
|
||||
],
|
||||
'account_login_ipban_protection' => [
|
||||
'name' => 'IP Ban Protection',
|
||||
'type' => 'boolean',
|
||||
'desc' => 'Activate IP ban protection after exceeding incorrect login attempts',
|
||||
'default' => true,
|
||||
],
|
||||
|
||||
'account_login_attempts_limit' => [
|
||||
'name' => 'Login Attempts Limit',
|
||||
'type' => 'number',
|
||||
'desc' => 'Number of incorrect login attempts before banning the IP',
|
||||
'default' => 5, // Ajuste conforme necessário
|
||||
],
|
||||
|
||||
'account_login_ban_time' => [
|
||||
'name' => 'Ban Time (Minutes)',
|
||||
'type' => 'number',
|
||||
'desc' => 'Time in minutes the IP will be banned after exceeding login attempts',
|
||||
'default' => 30, // Ajuste conforme necessário
|
||||
],
|
||||
],
|
||||
'callbacks' => [
|
||||
'beforeSave' => function(&$settings, &$values) {
|
||||
@@ -1658,6 +1685,6 @@ Sent by MyAAC,<br/>
|
||||
|
||||
return $success;
|
||||
},
|
||||
],
|
||||
]
|
||||
];
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@ use Illuminate\Database\Eloquent\Model;
|
||||
|
||||
class PlayerKillers extends Model {
|
||||
|
||||
protected $table = 'players_killers';
|
||||
protected $table = 'player_killers';
|
||||
|
||||
public $timestamps = false;
|
||||
|
||||
|
||||
120
system/src/RateLimit.php
Normal file
120
system/src/RateLimit.php
Normal file
@@ -0,0 +1,120 @@
|
||||
<?php
|
||||
|
||||
|
||||
namespace MyAAC;
|
||||
|
||||
|
||||
class RateLimit
|
||||
{
|
||||
public string $key;
|
||||
public int $max_attempts;
|
||||
public int $ttl;
|
||||
public $enabled = false;
|
||||
protected array $data;
|
||||
|
||||
public function __construct(string $key, int $max_attempts, int $ttl)
|
||||
{
|
||||
$this->key = $key;
|
||||
$this->max_attempts = $max_attempts;
|
||||
$this->ttl = $ttl;
|
||||
}
|
||||
|
||||
public function attempts(string $ip): int
|
||||
{
|
||||
if (!$this->enabled) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (isset($this->data[$ip]['attempts'])) {
|
||||
return $this->data[$ip]['attempts'];
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
public function exceeded(string $ip): bool {
|
||||
if (!$this->enabled) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->attempts($ip) >= $this->max_attempts;
|
||||
}
|
||||
|
||||
public function increment(string $ip): bool
|
||||
{
|
||||
global $cache;
|
||||
if ($this->enabled && $cache->enabled()) {
|
||||
if (isset($this->data[$ip]['attempts']) && isset($this->data[$ip]['last'])) {
|
||||
$this->data[$ip]['attempts']++;
|
||||
$this->data[$ip]['last'] = time();
|
||||
} else {
|
||||
$this->data[$ip] = [
|
||||
'attempts' => 1,
|
||||
'last' => time(),
|
||||
];
|
||||
}
|
||||
|
||||
$this->save();
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function reset(string $ip): void
|
||||
{
|
||||
if (!$this->enabled) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (isset($this->data[$ip])) {
|
||||
unset($this->data[$ip]);
|
||||
}
|
||||
|
||||
$this->save();
|
||||
}
|
||||
|
||||
public function save(): void
|
||||
{
|
||||
global $cache;
|
||||
if (!$this->enabled) {
|
||||
return;
|
||||
}
|
||||
|
||||
$data = $this->data;
|
||||
$cache->set($this->key, serialize($data), $this->ttl * 60);
|
||||
}
|
||||
|
||||
public function load(): void
|
||||
{
|
||||
global $cache;
|
||||
if (!$this->enabled) {
|
||||
return;
|
||||
}
|
||||
|
||||
$data = [];
|
||||
if ($this->enabled && $cache->enabled()) {
|
||||
$tmp = '';
|
||||
if ($cache->fetch($this->key, $tmp)) {
|
||||
$data = unserialize($tmp);
|
||||
$to_remove = [];
|
||||
foreach ($data as $ip => $t) {
|
||||
if (time() - $t['last'] >= ($this->ttl * 60)) {
|
||||
$to_remove[] = $ip;
|
||||
}
|
||||
}
|
||||
|
||||
if (count($to_remove)) {
|
||||
foreach ($to_remove as $ip) {
|
||||
unset($data[$ip]);
|
||||
}
|
||||
|
||||
$this->save();
|
||||
}
|
||||
} else {
|
||||
$data = [];
|
||||
}
|
||||
}
|
||||
|
||||
$this->data = $data;
|
||||
}
|
||||
}
|
||||
@@ -45,6 +45,12 @@ define('HOOK_ACCOUNT_CREATE_AFTER_TOWNS', ++$i);
|
||||
define('HOOK_ACCOUNT_CREATE_BEFORE_SUBMIT_BUTTON', ++$i);
|
||||
define('HOOK_ACCOUNT_CREATE_AFTER_FORM', ++$i);
|
||||
define('HOOK_ACCOUNT_CREATE_POST', ++$i);
|
||||
define('HOOK_ACCOUNT_CREATE_AFTER_SUBMIT', ++$i);
|
||||
define('HOOK_ACCOUNT_CREATE_AFTER_SAVED', ++$i);
|
||||
define('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION', ++$i);
|
||||
define('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION', ++$i);
|
||||
define('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS', ++$i);
|
||||
define('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS', ++$i);
|
||||
define('HOOK_ACCOUNT_LOGIN_BEFORE_PAGE', ++$i);
|
||||
define('HOOK_ACCOUNT_LOGIN_BEFORE_ACCOUNT', ++$i);
|
||||
define('HOOK_ACCOUNT_LOGIN_AFTER_ACCOUNT', ++$i);
|
||||
|
||||
@@ -142,10 +142,14 @@ function updateStatus() {
|
||||
}
|
||||
}
|
||||
|
||||
$status['uptime'] = $serverStatus->getUptime();
|
||||
$h = floor($status['uptime'] / 3600);
|
||||
$m = floor(($status['uptime'] - $h * 3600) / 60);
|
||||
$status['uptimeReadable'] = $h . 'h ' . $m . 'm';
|
||||
$uptime = $status['uptime'] = $serverStatus->getUptime();
|
||||
$m = date('m', $uptime);
|
||||
$m = $m > 1 ? "$m months, " : ($m == 1 ? 'month, ' : '');
|
||||
$d = date('d', $uptime);
|
||||
$d = $d > 1 ? "$d days, " : ($d == 1 ? 'day, ' : '');
|
||||
$h = date('H', $uptime);
|
||||
$min = date('i', $uptime);
|
||||
$status['uptimeReadable'] = "{$m}{$d}{$h}h {$min}m";
|
||||
|
||||
$status['monsters'] = $serverStatus->getMonstersCount();
|
||||
$status['motd'] = $serverStatus->getMOTD();
|
||||
|
||||
@@ -1,7 +1,26 @@
|
||||
{% if new_line is defined and new_line %}
|
||||
<br/>
|
||||
{% endif %}
|
||||
<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.back.html.twig') }}
|
||||
</form>
|
||||
|
||||
{% set _center = false %}
|
||||
|
||||
{% if center is defined and center %}
|
||||
{% set _center = true %}
|
||||
{% endif %}
|
||||
|
||||
{% if _center %}
|
||||
<table border="0" cellspacing="1" cellpadding="4" width="100%">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td align="center">
|
||||
{% endif %}
|
||||
<form action="{% if action is not defined %}{{ getLink('account/manage') }}{% else %}{{ action }}{% endif %}" method="post">
|
||||
{{ csrf() }}
|
||||
{{ include('buttons.back.html.twig') }}
|
||||
</form>
|
||||
{% if _center %}
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
{% endif %}
|
||||
|
||||
24
system/templates/account.lost.check-code.html.twig
Normal file
24
system/templates/account.lost.check-code.html.twig
Normal file
@@ -0,0 +1,24 @@
|
||||
Please enter code from e-mail and name of one character from account. Then press Submit.<br/>
|
||||
<form action="{{ getLink('account/lost') }}?action=check-code" method="post">
|
||||
<table cellspacing="1" cellpadding="4" border="0" width="100%">
|
||||
<tr>
|
||||
<td bgcolor="{{ config('vdarkborder') }}" class="white">
|
||||
<b>Code & character name</b>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('darkborder') }}">
|
||||
Your code: <input type="text" name="code" value="{{ code }}" size="40"><br/>
|
||||
Character: <input type="text" name="character" value="{{ character }}" size="40"><br/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br>
|
||||
<table cellspacing="0" cellpadding="0" border="0" width="100%">
|
||||
<tr>
|
||||
<td align="center">
|
||||
{{ include('buttons.submit.html.twig') }}
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
26
system/templates/account.lost.finish.new-email.html.twig
Normal file
26
system/templates/account.lost.finish.new-email.html.twig
Normal file
@@ -0,0 +1,26 @@
|
||||
Your account name, new password and new e-mail.<br/>
|
||||
<table cellspacing="1" cellpadding="4" border="0" width="100%">
|
||||
<tr>
|
||||
<td bgcolor="{{ config('vdarkborder') }}" class="white">
|
||||
<b>Your account name, new password and new e-mail</b>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('darkborder') }}">
|
||||
Account name: <b>{{ account.getName() }}</b><br/>
|
||||
New password: <b>{{ newPassword }}</b><br/>
|
||||
New e-mail address: <b>{{ newEmail }}</b><br/>
|
||||
{{ statusMsg|raw }}
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br>
|
||||
<table cellspacing="0" cellpadding="0" border="0" width="100%">
|
||||
<tr>
|
||||
<td align="center">
|
||||
<form action="{{ getLink('account/manage') }}" method="post">
|
||||
{{ include('buttons.login.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
23
system/templates/account.lost.finish.new-password.html.twig
Normal file
23
system/templates/account.lost.finish.new-password.html.twig
Normal file
@@ -0,0 +1,23 @@
|
||||
New password to your account is below. Now you can login.<BR>
|
||||
<table cellspacing="1" cellpadding="4" border="0" width="100%">
|
||||
<tr>
|
||||
<td bgcolor="{{ config('vdarkborder') }}" class="white"><b>Changed password</b></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('darkborder') }}">
|
||||
New password: <b>{{ newPassword }}</b><br/>
|
||||
Account name: <i>(Already on your e-mail)</i><br/>
|
||||
{{ statusMsg|raw }}
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br/>
|
||||
<table cellspacing="0" cellpadding="0" border="0" width="100%">
|
||||
<tr>
|
||||
<td align="center">
|
||||
<form action="{{ getlink('account/manage') }}" method="post">
|
||||
{{ include('buttons.submit.html.twig') }}
|
||||
</form>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
23
system/templates/account.lost.step1-email.html.twig
Normal file
23
system/templates/account.lost.step1-email.html.twig
Normal file
@@ -0,0 +1,23 @@
|
||||
Please enter e-mail to account with this character.<br/>
|
||||
<form action="{{ getLink('account/lost') }}?action=send-code" method="post">
|
||||
<input type=hidden name="character">
|
||||
<table cellspacing=1 cellpadding=4 border=0 width=100%>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('vdarkborder') }}" class="white"><b>Please enter e-mail to account</b></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('darkborder') }}">
|
||||
Character: <input type=text name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
|
||||
E-mail to account: <input type=text name="email" value="" size="40"><br/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<br>
|
||||
<table cellspacing=0 cellpadding=0 border=0 width=100%>
|
||||
<tr>
|
||||
<td><div style="text-align:center">
|
||||
{{ include('buttons.submit.html.twig') }}</div>
|
||||
</TD>
|
||||
</TR>
|
||||
</table>
|
||||
</form>
|
||||
27
system/templates/account.lost.step2.html.twig
Normal file
27
system/templates/account.lost.step2.html.twig
Normal file
@@ -0,0 +1,27 @@
|
||||
Set new password and e-mail to your account.<br>
|
||||
<form action="{{ getLink('account/lost') }}?action=step3" method="post">
|
||||
<input type="hidden" name="character" value="">
|
||||
<table cellspacing="1" cellpadding="4" border="0" width="100%">
|
||||
<tr>
|
||||
<td bgcolor="{{ config('vdarkborder') }}" class="white">
|
||||
<b>Please enter new password and e-mail</b>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td bgcolor="{{ config('darkborder') }}">
|
||||
Account of character: <input type="text" name="nick" value="{{ nick }}" size="40" readonly="readonly"><br/>
|
||||
New password: <input id="passor" type="password" name="passor" value="" size="40"><br/>
|
||||
Repeat new password: <input id="passor2" type="password" name="passor" value="" size="40"><br/>
|
||||
New e-mail address: <input id="email" type="text" name="email" value="" size="40"><br/>
|
||||
<input type=hidden name="key" VALUE="{{ recKey }}">
|
||||
</td></tr>
|
||||
</table>
|
||||
<br>
|
||||
<table cellspacing="0" cellpadding="0" border="0" width="100%">
|
||||
<tr>
|
||||
<td align="center">
|
||||
{{ include('buttons.submit.html.twig') }}
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
@@ -88,6 +88,7 @@
|
||||
</div>
|
||||
<br/><br/>
|
||||
{% endif %}
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION') }}
|
||||
<a name="General+Information"></a>
|
||||
<h2>General Information</h2>
|
||||
<table width="100%">
|
||||
@@ -127,6 +128,7 @@
|
||||
{% endautoescape %}
|
||||
</table>
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION') }}
|
||||
<a name="Public+Information"></a>
|
||||
<h2>Public Information</h2>
|
||||
<table width="100%">
|
||||
@@ -145,6 +147,7 @@
|
||||
{% include('buttons.base.html.twig') %}
|
||||
</form>
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
|
||||
<a name="Account+Logs" ></a>
|
||||
<h2>Action Log</h2>
|
||||
<table>
|
||||
@@ -164,6 +167,7 @@
|
||||
{% endautoescape %}
|
||||
</table>
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS') }}
|
||||
<a name="Characters" ></a>
|
||||
<h2>Character list: {{ players|length }} characters.</h2>
|
||||
<table>
|
||||
|
||||
@@ -9,7 +9,13 @@
|
||||
<form action="{{ constant('BASE_URL') }}install/" method="post" autocomplete="off">
|
||||
<input type="hidden" name="step" id="step" value="finish" />
|
||||
|
||||
{% for value in ['email', 'account', 'password', 'password_confirm', 'player_name'] %}
|
||||
{% set values = ['email', 'account', 'password', 'password_confirm'] %}
|
||||
|
||||
{% if hasTablePlayers %}
|
||||
{% set values = values|merge(['player_name']) %}
|
||||
{% endif %}
|
||||
|
||||
{% for value in values %}
|
||||
|
||||
<div class="form-group mb-2">
|
||||
<label for="vars_{{ value }}">{{ locale['step_admin_' ~ value] }}</label>
|
||||
|
||||
10
system/templates/mail.account.lost.code.html.twig
Normal file
10
system/templates/mail.account.lost.code.html.twig
Normal file
@@ -0,0 +1,10 @@
|
||||
You asked to reset your {{ config('lua')['serverName'] }} password.<br/>
|
||||
<p>Account name: {{ account.getName() }}</p>
|
||||
<br/>
|
||||
To do so, please click this link:
|
||||
<p>
|
||||
<a href="{{ getLink('account/lost') }}?action=check-code&code={{ newCode }}&character={{ nick|urlencode }}">{{ getLink('account/lost') }}?action=check-code&code={{ newCode }}&character={{ nick|urlencode }}</a>
|
||||
</p>
|
||||
<p>or open page: <i>{{ getLink('account/lost') }}?action=check-code</i> and in field "code" write <b>{{ newCode }}</b></p>
|
||||
<br/>
|
||||
<p>If you did not request a password change, you may ignore this message and your password will remain unchanged.
|
||||
7
system/templates/mail.account.lost.new-email.html.twig
Normal file
7
system/templates/mail.account.lost.new-email.html.twig
Normal file
@@ -0,0 +1,7 @@
|
||||
<h3>Your account name and new password!</h3>
|
||||
<p>Changed password and e-mail to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>{{ config('lua')['serverName'] }}</b></a></p>
|
||||
<p>Account name: <b>{{ account.getName() }}</b></p>
|
||||
<p>New password: <b>{{ newPassword }}</b></p>
|
||||
<p>E-mail: <b>{{ $newEmail }}</b> (this e-mail)</p>
|
||||
<br/>
|
||||
<p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
|
||||
@@ -0,0 +1,6 @@
|
||||
<h3>Your account name and password!</h3>
|
||||
<p>Changed password to your account in Lost Account Interface on server <a href="{{ constant('BASE_URL') }}"><b>config('lua')['serverName'] }}</b></a></p>
|
||||
<p>Account name: <b>{{ account.getName() }}</b></p>
|
||||
<p>New password: <b>{{ newPassword }}</b></p>
|
||||
<br/>
|
||||
<p><u>It's automatic e-mail from OTS Lost Account System. Do not reply!</u></p>
|
||||
@@ -111,6 +111,7 @@
|
||||
</div>
|
||||
<br/><br/>
|
||||
{% endif %}
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_GENERAL_INFORMATION') }}
|
||||
<a name="General+Information" ></a>
|
||||
<div class="TopButtonContainer">
|
||||
<div class="TopButton">
|
||||
@@ -221,6 +222,7 @@
|
||||
{% endset %}
|
||||
{% include 'tables.headline.html.twig' %}
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_PUBLIC_INFORMATION') }}
|
||||
<a name="Public+Information"></a>
|
||||
<div class="TopButtonContainer">
|
||||
<div class="TopButton">
|
||||
@@ -280,6 +282,7 @@
|
||||
{% endset %}
|
||||
{% include 'tables.headline.html.twig' %}
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_ACCOUNT_LOGS') }}
|
||||
<a name="Account+Logs" ></a>
|
||||
<div class="TopButtonContainer">
|
||||
<div class="TopButton">
|
||||
@@ -333,6 +336,7 @@
|
||||
{% endset %}
|
||||
{% include 'tables.headline.html.twig' %}
|
||||
<br/>
|
||||
{{ hook('HOOK_ACCOUNT_MANAGE_BEFORE_CHARACTERS') }}
|
||||
<a name="Characters" ></a>
|
||||
<div class="TopButtonContainer">
|
||||
<div class="TopButton" >
|
||||
|
||||
Reference in New Issue
Block a user